IT Security Essay Example | Topics and Well Written Essays - 1000 words

IT Security - Essay Example For any information system to be operational, government mandated compliances need to be undertaken by the chief information officer (CIO) and government officers. For a system to pass these security compliances it must meet the criteria set for; the system boundaries for the hardware, software, users and interactions with the environment must be clearly defined so as to assess any threats. Therefore, a CIO must provide a plan of action for the system and also state any contingency measures needed in the case of a security threat. Moreover, the chief information officer then gets certification and accreditation from the government once this is achieved (Enloe, 2002). Information systems are required to be secure in order to facilitate business success and their resilience in the changing information society. This means that a CIO ought to ensure that the system is secure enough to deliver vital information and services at the right time with no compromise. This is because secure syst ems increase public confidence and trust in the organization and in their products or services. Information security also ensures that performance of all the stakeholders in the organizations from management to junior staff is effective (Bowen, Chew and Hash, 2007). In addition, security also reduces the chances of risk to the organization and protects the integrity of the information or data stored in the organization. In the design of an information system, the CIO needs to be aware of information security elements, which must be in line with government mandated compliance. Moreover, considering that security planning of a system it is very important for a CIO to know who accesses the system at any time, and thus, the role of an information system officer in the system needs to be understood and clearly defined (Enloe, 2002). The authorizing officers in the organization and other users including the management need to be issued with access codes for authorization. Through this he will track and know who accessed the system at what time and which information was accessed or modified with use of these codes. The CIO should provide the management with the capital estimates required in running and maintaining the whole system and the time required to change or upgrade the system. In addition, he must conduct awareness and training campaigns on the whole organizations. This is to educate the users of a system on the different types of security threats present and how to evade them. Thus, a CIO is required to conduct risk assessment for the organization management, and explain to the personnel and management how the system will meet the organization’s mission and goals (Enloe, 2002). To this effect, the CIO must design a system that provides as stated in NIST: â€Å"Information security protection from unauthorized access, use or disclosure, disruption and modification of information.† The system must also comply with the standards set up for policie s, procedures and guidelines by national law and legislations. The CIO is also responsible for developing and maintaining agency wide information security programs, policies and control techniques for the organizations systems. Moreover, he is required to develop disaster recovery management program, to